Browse all 5 CVE security advisories affecting theme funda. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Theme funda is a WordPress theme provider offering customizable templates for websites, with five CVEs recorded to date. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, often stemming from insufficient input validation and improper access controls. Security characteristics include frequent use of deprecated functions and inconsistent sanitization practices. While no major public incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing security challenges in theme development and maintenance, posing risks to unpatched deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24642 | WordPress Setup Default Featured Image plugin <= 1.2 - Broken Access Control vulnerability — Setup Default Featured ImageCWE-862 | 6.5 | Medium | 2025-02-03 |
This page lists every published CVE security advisory associated with theme funda. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.